public void Initialize(string applicationName, SqlConnectionHolder holder, SqlMembershipProvider sqlMembershipProvider, int commandTimeout)
{
CommandTimeout = commandTimeout;
Holder = holder;
Provider = sqlMembershipProvider;
ApplicationName = applicationName;
}
/// <devdoc>
/// </devdoc>
internal static SqlConnectionHolder GetConnection(string connectionString, bool revertImpersonation)
{
var holder = new SqlConnectionHolder(connectionString);
var closeConn = true;
try
{
holder.Open(revertImpersonation);
closeConn = false;
}
finally
{
if (closeConn)
{
holder.Close();
holder = null;
}
}
return holder;
}
protected override void SavePersonalizationBlob(WebPartManager webPartManager, string path, string userName, byte[] dataBlob)
{
SqlConnectionHolder connectionHolder = null;
SqlConnection connection = null;
try
{
try
{
connectionHolder = this.GetConnectionHolder();
connection = connectionHolder.Connection;
this.CheckSchemaVersion(connection);
this.SavePersonalizationState(connection, path, userName, dataBlob);
}
catch (SqlException exception)
{
if ((userName == null) || (((exception.Number != 0xa43) && (exception.Number != 0xa29)) && (exception.Number != 0x9d0)))
{
throw;
}
this.SavePersonalizationState(connection, path, userName, dataBlob);
}
finally
{
if (connectionHolder != null)
{
connectionHolder.Close();
connectionHolder = null;
}
}
}
catch
{
throw;
}
}
private PersonalizationStateInfoCollection FindSharedState(string path,
int pageIndex,
int pageSize,
out int totalRecords)
{
SqlConnectionHolder connectionHolder = null;
SqlConnection connection = null;
SqlDataReader reader = null;
totalRecords = 0;
// Extra try-catch block to prevent elevation of privilege attack via exception filter
try {
try {
connectionHolder = GetConnectionHolder();
connection = connectionHolder.Connection;
Debug.Assert(connection != null);
CheckSchemaVersion(connection);
SqlCommand command = new SqlCommand("dbo.aspnet_PersonalizationAdministration_FindState", connection);
SetCommandTypeAndTimeout(command);
SqlParameterCollection parameters = command.Parameters;
SqlParameter parameter = parameters.Add(new SqlParameter("AllUsersScope", SqlDbType.Bit));
parameter.Value = true;
parameters.AddWithValue("ApplicationName", ApplicationName);
parameters.AddWithValue("PageIndex", pageIndex);
parameters.AddWithValue("PageSize", pageSize);
SqlParameter returnValue = new SqlParameter("@ReturnValue", SqlDbType.Int);
returnValue.Direction = ParameterDirection.ReturnValue;
parameters.Add(returnValue);
parameter = parameters.Add("Path", SqlDbType.NVarChar);
if (path != null)
{
parameter.Value = path;
}
parameter = parameters.Add("UserName", SqlDbType.NVarChar);
parameter = parameters.Add("InactiveSinceDate", SqlDbType.DateTime);
reader = command.ExecuteReader(CommandBehavior.SequentialAccess);
PersonalizationStateInfoCollection sharedStateInfoCollection = new PersonalizationStateInfoCollection();
if (reader != null)
{
if (reader.HasRows)
{
while (reader.Read())
{
string returnedPath = reader.GetString(0);
// Data can be null if there is no data associated with the path
DateTime lastUpdatedDate = (reader.IsDBNull(1)) ? DateTime.MinValue :
DateTime.SpecifyKind(reader.GetDateTime(1), DateTimeKind.Utc);
int size = (reader.IsDBNull(2)) ? 0 : reader.GetInt32(2);
int userDataSize = (reader.IsDBNull(3)) ? 0 : reader.GetInt32(3);
int userCount = (reader.IsDBNull(4)) ? 0 : reader.GetInt32(4);
sharedStateInfoCollection.Add(new SharedPersonalizationStateInfo(
returnedPath, lastUpdatedDate, size, userDataSize, userCount));
}
}
// The reader needs to be closed so return value can be accessed
// See MSDN doc for SqlParameter.Direction for details.
reader.Close();
reader = null;
}
// Set the total count at the end after all operations pass
if (returnValue.Value != null && returnValue.Value is int)
{
totalRecords = (int)returnValue.Value;
}
return(sharedStateInfoCollection);
}
finally {
if (reader != null)
{
reader.Close();
}
if (connectionHolder != null)
{
connectionHolder.Close();
connectionHolder = null;
}
}
}
catch {
throw;
}
}
private int GetCountOfUserState(string path, DateTime inactiveSinceDate, string username)
{
SqlConnectionHolder connectionHolder = null;
SqlConnection connection = null;
int count = 0;
// Extra try-catch block to prevent elevation of privilege attack via exception filter
try {
try {
connectionHolder = GetConnectionHolder();
connection = connectionHolder.Connection;
Debug.Assert(connection != null);
CheckSchemaVersion(connection);
SqlCommand command = new SqlCommand("dbo.aspnet_PersonalizationAdministration_GetCountOfState", connection);
SetCommandTypeAndTimeout(command);
SqlParameterCollection parameters = command.Parameters;
SqlParameter parameter = parameters.Add(new SqlParameter("Count", SqlDbType.Int));
parameter.Direction = ParameterDirection.Output;
parameter = parameters.Add(new SqlParameter("AllUsersScope", SqlDbType.Bit));
parameter.Value = false;
parameters.AddWithValue("ApplicationName", ApplicationName);
parameter = parameters.Add("Path", SqlDbType.NVarChar);
if (path != null)
{
parameter.Value = path;
}
parameter = parameters.Add("UserName", SqlDbType.NVarChar);
if (username != null)
{
parameter.Value = username;
}
parameter = parameters.Add("InactiveSinceDate", SqlDbType.DateTime);
if (inactiveSinceDate != PersonalizationAdministration.DefaultInactiveSinceDate)
{
parameter.Value = inactiveSinceDate.ToUniversalTime();
}
command.ExecuteNonQuery();
parameter = command.Parameters[0];
if (parameter != null && parameter.Value != null && parameter.Value is Int32)
{
count = (Int32)parameter.Value;
}
}
finally {
if (connectionHolder != null)
{
connectionHolder.Close();
connectionHolder = null;
}
}
}
catch {
throw;
}
return(count);
}
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
public override string[] FindUsersInRole(string roleName, string usernameToMatch)
{
SecUtility.CheckParameter(ref roleName, true, true, true, 256, "roleName");
SecUtility.CheckParameter(ref usernameToMatch, true, true, false, 256, "usernameToMatch");
try {
SqlConnectionHolder holder = null;
try {
holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
CheckSchemaVersion(holder.Connection);
SqlCommand cmd = new SqlCommand("dbo.aspnet_UsersInRoles_FindUsersInRole", holder.Connection);
SqlDataReader reader = null;
SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int);
StringCollection sc = new StringCollection();
cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandTimeout = CommandTimeout;
p.Direction = ParameterDirection.ReturnValue;
cmd.Parameters.Add(p);
cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
cmd.Parameters.Add(CreateInputParam("@RoleName", SqlDbType.NVarChar, roleName));
cmd.Parameters.Add(CreateInputParam("@UserNameToMatch", SqlDbType.NVarChar, usernameToMatch));
try {
reader = cmd.ExecuteReader(CommandBehavior.SequentialAccess);
while (reader.Read())
{
sc.Add(reader.GetString(0));
}
}
catch
{
throw;
}
finally
{
if (reader != null)
{
reader.Close();
}
}
if (sc.Count < 1)
{
switch (GetReturnValue(cmd))
{
case 0:
return(new string[0]);
case 1:
throw new ProviderException(SR.GetString(SR.Provider_role_not_found, roleName));
default:
throw new ProviderException(SR.GetString(SR.Provider_unknown_failure));
}
}
String[] strReturn = new String[sc.Count];
sc.CopyTo(strReturn, 0);
return(strReturn);
}
finally
{
if (holder != null)
{
holder.Close();
holder = null;
}
}
}
catch
{
throw;
}
}
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames)
{
SecUtility.CheckArrayParameter(ref roleNames, true, true, true, 256, "roleNames");
SecUtility.CheckArrayParameter(ref usernames, true, true, true, 256, "usernames");
bool beginTranCalled = false;
try {
SqlConnectionHolder holder = null;
try
{
holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
CheckSchemaVersion(holder.Connection);
int numUsersRemaing = usernames.Length;
while (numUsersRemaing > 0)
{
int iter;
string allUsers = usernames[usernames.Length - numUsersRemaing];
numUsersRemaing--;
for (iter = usernames.Length - numUsersRemaing; iter < usernames.Length; iter++)
{
if (allUsers.Length + usernames[iter].Length + 1 >= 4000)
{
break;
}
allUsers += "," + usernames[iter];
numUsersRemaing--;
}
int numRolesRemaining = roleNames.Length;
while (numRolesRemaining > 0)
{
string allRoles = roleNames[roleNames.Length - numRolesRemaining];
numRolesRemaining--;
for (iter = roleNames.Length - numRolesRemaining; iter < roleNames.Length; iter++)
{
if (allRoles.Length + roleNames[iter].Length + 1 >= 4000)
{
break;
}
allRoles += "," + roleNames[iter];
numRolesRemaining--;
}
if (!beginTranCalled && (numUsersRemaing > 0 || numRolesRemaining > 0))
{
(new SqlCommand("BEGIN TRANSACTION", holder.Connection)).ExecuteNonQuery();
beginTranCalled = true;
}
RemoveUsersFromRolesCore(holder.Connection, allUsers, allRoles);
}
}
if (beginTranCalled)
{
(new SqlCommand("COMMIT TRANSACTION", holder.Connection)).ExecuteNonQuery();
beginTranCalled = false;
}
} catch {
if (beginTranCalled)
{
(new SqlCommand("ROLLBACK TRANSACTION", holder.Connection)).ExecuteNonQuery();
beginTranCalled = false;
}
throw;
} finally {
if (holder != null)
{
holder.Close();
holder = null;
}
}
} catch {
throw;
}
}
public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames)
{
SecUtility.CheckArrayParameter(ref roleNames, true, true, true, 0x100, "roleNames");
SecUtility.CheckArrayParameter(ref usernames, true, true, true, 0x100, "usernames");
bool flag = false;
try
{
SqlConnectionHolder connection = null;
try
{
connection = SqlConnectionHelper.GetConnection(this._sqlConnectionString, true);
this.CheckSchemaVersion(connection.Connection);
int length = usernames.Length;
while (length > 0)
{
string str = usernames[usernames.Length - length];
length--;
int index = usernames.Length - length;
while (index < usernames.Length)
{
if (((str.Length + usernames[index].Length) + 1) >= 0xfa0)
{
break;
}
str = str + "," + usernames[index];
length--;
index++;
}
int num3 = roleNames.Length;
while (num3 > 0)
{
string str2 = roleNames[roleNames.Length - num3];
num3--;
for (index = roleNames.Length - num3; index < roleNames.Length; index++)
{
if (((str2.Length + roleNames[index].Length) + 1) >= 0xfa0)
{
break;
}
str2 = str2 + "," + roleNames[index];
num3--;
}
if (!flag && ((length > 0) || (num3 > 0)))
{
new SqlCommand("BEGIN TRANSACTION", connection.Connection).ExecuteNonQuery();
flag = true;
}
this.RemoveUsersFromRolesCore(connection.Connection, str, str2);
}
}
if (flag)
{
new SqlCommand("COMMIT TRANSACTION", connection.Connection).ExecuteNonQuery();
flag = false;
}
}
catch
{
if (flag)
{
new SqlCommand("ROLLBACK TRANSACTION", connection.Connection).ExecuteNonQuery();
flag = false;
}
throw;
}
finally
{
if (connection != null)
{
connection.Close();
connection = null;
}
}
}
catch
{
throw;
}
}
private ProfileInfoCollection GetProfilesForQuery(SqlParameter[] args, ProfileAuthenticationOption authenticationOption, int pageIndex, int pageSize, out int totalRecords)
{
ProfileInfoCollection infos2;
if (pageIndex < 0)
{
throw new ArgumentException(System.Web.SR.GetString("PageIndex_bad"), "pageIndex");
}
if (pageSize < 1)
{
throw new ArgumentException(System.Web.SR.GetString("PageSize_bad"), "pageSize");
}
long num = ((pageIndex * pageSize) + pageSize) - 1L;
if (num > 0x7fffffffL)
{
throw new ArgumentException(System.Web.SR.GetString("PageIndex_PageSize_bad"), "pageIndex and pageSize");
}
try
{
SqlConnectionHolder connection = null;
SqlDataReader reader = null;
try
{
connection = SqlConnectionHelper.GetConnection(this._sqlConnectionString, true);
this.CheckSchemaVersion(connection.Connection);
SqlCommand command = new SqlCommand("dbo.aspnet_Profile_GetProfiles", connection.Connection)
{
CommandTimeout = this.CommandTimeout,
CommandType = CommandType.StoredProcedure
};
command.Parameters.Add(this.CreateInputParam("@ApplicationName", SqlDbType.NVarChar, this.ApplicationName));
command.Parameters.Add(this.CreateInputParam("@ProfileAuthOptions", SqlDbType.Int, (int)authenticationOption));
command.Parameters.Add(this.CreateInputParam("@PageIndex", SqlDbType.Int, pageIndex));
command.Parameters.Add(this.CreateInputParam("@PageSize", SqlDbType.Int, pageSize));
foreach (SqlParameter parameter in args)
{
command.Parameters.Add(parameter);
}
reader = command.ExecuteReader(CommandBehavior.SequentialAccess);
ProfileInfoCollection infos = new ProfileInfoCollection();
while (reader.Read())
{
string username = reader.GetString(0);
bool boolean = reader.GetBoolean(1);
DateTime lastActivityDate = DateTime.SpecifyKind(reader.GetDateTime(2), DateTimeKind.Utc);
DateTime lastUpdatedDate = DateTime.SpecifyKind(reader.GetDateTime(3), DateTimeKind.Utc);
int size = reader.GetInt32(4);
infos.Add(new ProfileInfo(username, boolean, lastActivityDate, lastUpdatedDate, size));
}
totalRecords = infos.Count;
if (reader.NextResult() && reader.Read())
{
totalRecords = reader.GetInt32(0);
}
infos2 = infos;
}
finally
{
if (reader != null)
{
reader.Close();
}
if (connection != null)
{
connection.Close();
connection = null;
}
}
}
catch
{
throw;
}
return(infos2);
}
private int ResetSharedState(string[] paths)
{
int resultCount = 0;
if (paths == null)
{
resultCount = ResetAllState(PersonalizationScope.Shared);
}
else
{
SqlConnectionHolder connectionHolder = null;
SqlConnection connection = null;
// Extra try-catch block to prevent elevation of privilege attack via exception filter
try {
bool beginTranCalled = false;
try {
connectionHolder = GetConnectionHolder();
connection = connectionHolder.Connection;
Debug.Assert(connection != null);
CheckSchemaVersion(connection);
SqlCommand command = new SqlCommand("dbo.aspnet_PersonalizationAdministration_ResetSharedState", connection);
SetCommandTypeAndTimeout(command);
SqlParameterCollection parameters = command.Parameters;
SqlParameter parameter = parameters.Add(new SqlParameter("Count", SqlDbType.Int));
parameter.Direction = ParameterDirection.Output;
parameters.AddWithValue("ApplicationName", ApplicationName);
parameter = parameters.Add("Path", SqlDbType.NVarChar);
foreach (string path in paths)
{
if (!beginTranCalled && paths.Length > 1)
{
(new SqlCommand("BEGIN TRANSACTION", connection)).ExecuteNonQuery();
beginTranCalled = true;
}
parameter.Value = path;
command.ExecuteNonQuery();
SqlParameter countParam = command.Parameters[0];
if (countParam != null && countParam.Value != null && countParam.Value is Int32)
{
resultCount += (Int32)countParam.Value;
}
}
if (beginTranCalled)
{
(new SqlCommand("COMMIT TRANSACTION", connection)).ExecuteNonQuery();
beginTranCalled = false;
}
}
catch {
if (beginTranCalled)
{
(new SqlCommand("ROLLBACK TRANSACTION", connection)).ExecuteNonQuery();
beginTranCalled = false;
}
throw;
}
finally {
if (connectionHolder != null)
{
connectionHolder.Close();
connectionHolder = null;
}
}
}
catch {
throw;
}
}
return(resultCount);
}
public override string[] GetUsersInRole(string roleName)
{
string[] strArray2;
SecUtility.CheckParameter(ref roleName, true, true, true, 0x100, "roleName");
try
{
SqlConnectionHolder connection = null;
try
{
connection = SqlConnectionHelper.GetConnection(this._sqlConnectionString, true);
this.CheckSchemaVersion(connection.Connection);
SqlCommand cmd = new SqlCommand("dbo.aspnet_UsersInRoles_GetUsersInRoles", connection.Connection);
SqlDataReader reader = null;
SqlParameter parameter = new SqlParameter("@ReturnValue", SqlDbType.Int);
StringCollection strings = new StringCollection();
cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandTimeout = this.CommandTimeout;
parameter.Direction = ParameterDirection.ReturnValue;
cmd.Parameters.Add(parameter);
cmd.Parameters.Add(this.CreateInputParam("@ApplicationName", SqlDbType.NVarChar, this.ApplicationName));
cmd.Parameters.Add(this.CreateInputParam("@RoleName", SqlDbType.NVarChar, roleName));
try
{
reader = cmd.ExecuteReader(CommandBehavior.SequentialAccess);
while (reader.Read())
{
strings.Add(reader.GetString(0));
}
}
catch
{
throw;
}
finally
{
if (reader != null)
{
reader.Close();
}
}
if (strings.Count < 1)
{
switch (this.GetReturnValue(cmd))
{
case 0:
return(new string[0]);
case 1:
throw new ProviderException(System.Web.SR.GetString("Provider_role_not_found", new object[] { roleName }));
}
throw new ProviderException(System.Web.SR.GetString("Provider_unknown_failure"));
}
string[] array = new string[strings.Count];
strings.CopyTo(array, 0);
strArray2 = array;
}
finally
{
if (connection != null)
{
connection.Close();
connection = null;
}
}
}
catch
{
throw;
}
return(strArray2);
}
/// <devdoc>
/// </devdoc>
private byte[] LoadPersonalizationBlob(SqlConnectionHolder connectionHolder, string path, string userName)
{
MySqlCommand command = new MySqlCommand();
int status;
if (userName != null) {
status = MySqlStoredProcedures.aspnet_PersonalizationPerUser_GetPageSettings(ApplicationName,
userName, path, DateTime.UtcNow, connectionHolder, ref command);
//command = new MySqlCommand("dbo.aspnet_PersonalizationPerUser_GetPageSettings", connection);
}
else {
status = MySqlStoredProcedures.aspnet_PersonalizationAllUsers_GetPageSettings(ApplicationName,
path, connectionHolder, ref command);
//command = new MySqlCommand("dbo.aspnet_PersonalizationAllUsers_GetPageSettings", connection);
}
//SetCommandTypeAndTimeout(command);
//command.Parameters.Add(CreateParameter("@ApplicationName", MySqlDbType.VarChar, this.ApplicationName));
//command.Parameters.Add(CreateParameter("@Path", MySqlDbType.VarChar, path));
//if (userName != null) {
// command.Parameters.Add(CreateParameter("@UserName", MySqlDbType.VarChar, userName));
// command.Parameters.Add(CreateParameter("@CurrentTimeUtc", MySqlDbType.DateTime, DateTime.UtcNow));
//}
MySqlDataReader reader = null;
try {
reader = command.ExecuteReader(CommandBehavior.SingleRow);
if (reader.Read()) {
int length = (int)reader.GetBytes(0, 0, null, 0, 0);
byte[] state = new byte[length];
reader.GetBytes(0, 0, state, 0, length);
return state;
}
}
finally {
if (reader != null) {
reader.Close();
}
}
return null;
}
/// <devdoc>
/// </devdoc>
private void ResetPersonalizationState(SqlConnectionHolder connectionHolder, string path, string userName)
{
//MySqlCommand command;
int status;
if (userName != null) {
status = MySqlStoredProcedures.aspnet_PersonalizationPerUser_ResetPageSettings(ApplicationName,
userName, path, DateTime.UtcNow, connectionHolder);
//command = new MySqlCommand("dbo.aspnet_PersonalizationPerUser_ResetPageSettings", connection);
}
else {
status = MySqlStoredProcedures.aspnet_PersonalizationAllUsers_ResetPageSettings(ApplicationName,
path, connectionHolder);
//command = new MySqlCommand("dbo.aspnet_PersonalizationAllUsers_ResetPageSettings", connection);
}
//SetCommandTypeAndTimeout(command);
//command.Parameters.Add(CreateParameter("@ApplicationName", MySqlDbType.VarChar, ApplicationName));
//command.Parameters.Add(CreateParameter("@Path", MySqlDbType.VarChar, path));
//if (userName != null) {
// command.Parameters.Add(CreateParameter("@UserName", MySqlDbType.VarChar, userName));
// command.Parameters.Add(CreateParameter("@CurrentTimeUtc", MySqlDbType.DateTime, DateTime.UtcNow));
//}
//command.ExecuteNonQuery();
}
void WriteToSQL(WebBaseEventCollection events, int eventsDiscardedByBuffer, DateTime lastNotificationUtc)
{
// We don't want to send any more events until we've waited until the _retryDate (which defaults to minValue)
if (_retryDate > DateTime.UtcNow)
{
return;
}
try {
SqlConnectionHolder sqlConnHolder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
SqlCommand sqlCommand = new SqlCommand(SP_LOG_EVENT);
CheckSchemaVersion(sqlConnHolder.Connection);
sqlCommand.CommandType = CommandType.StoredProcedure;
sqlCommand.Connection = sqlConnHolder.Connection;
if (_commandTimeout > -1)
{
sqlCommand.CommandTimeout = _commandTimeout;
}
PrepareParams(sqlCommand);
try {
sqlConnHolder.Open(null, true);
Interlocked.Increment(ref _connectionCount);
if (eventsDiscardedByBuffer != 0)
{
WebBaseEvent infoEvent = new WebBaseEvent(
SR.GetString(SR.Sql_webevent_provider_events_dropped,
eventsDiscardedByBuffer.ToString(CultureInfo.InstalledUICulture),
lastNotificationUtc.ToString("r", CultureInfo.InstalledUICulture)),
null,
WebEventCodes.WebEventProviderInformation,
WebEventCodes.SqlProviderEventsDropped);
FillParams(sqlCommand, infoEvent);
sqlCommand.ExecuteNonQuery();
}
foreach (WebBaseEvent eventRaised in events)
{
FillParams(sqlCommand, eventRaised);
sqlCommand.ExecuteNonQuery();
}
}
#if DBG
catch (Exception e) {
Debug.Trace("SqlWebEventProvider", "ExecuteNonQuery failed: " + e);
throw;
}
#endif
finally {
sqlConnHolder.Close();
Interlocked.Decrement(ref _connectionCount);
}
#if (!DBG)
try {
#endif
EventProcessingComplete(events);
#if (!DBG)
}
catch {
// Ignore all errors.
}
#endif
}
catch {
// For any failure, we will wait at least 30 seconds or _commandTimeout before trying again
double timeout = 30;
if (_commandTimeout > -1)
{
timeout = (double)_commandTimeout;
}
_retryDate = DateTime.UtcNow.AddSeconds(timeout);
throw;
}
}
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
// Private methods
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
private ProfileInfoCollection GetProfilesForQuery(SqlParameter [] args, ProfileAuthenticationOption authenticationOption, int pageIndex, int pageSize, out int totalRecords)
{
if (pageIndex < 0)
{
throw new ArgumentException(SR.GetString(SR.PageIndex_bad), "pageIndex");
}
if (pageSize < 1)
{
throw new ArgumentException(SR.GetString(SR.PageSize_bad), "pageSize");
}
long upperBound = (long)pageIndex * pageSize + pageSize - 1;
if (upperBound > Int32.MaxValue)
{
throw new ArgumentException(SR.GetString(SR.PageIndex_PageSize_bad), "pageIndex and pageSize");
}
try {
SqlConnectionHolder holder = null;
SqlDataReader reader = null;
try {
holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
CheckSchemaVersion(holder.Connection);
SqlCommand cmd = new SqlCommand("dbo.aspnet_Profile_GetProfiles", holder.Connection);
cmd.CommandTimeout = CommandTimeout;
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
cmd.Parameters.Add(CreateInputParam("@ProfileAuthOptions", SqlDbType.Int, (int)authenticationOption));
cmd.Parameters.Add(CreateInputParam("@PageIndex", SqlDbType.Int, pageIndex));
cmd.Parameters.Add(CreateInputParam("@PageSize", SqlDbType.Int, pageSize));
foreach (SqlParameter arg in args)
{
cmd.Parameters.Add(arg);
}
reader = cmd.ExecuteReader(CommandBehavior.SequentialAccess);
ProfileInfoCollection profiles = new ProfileInfoCollection();
while (reader.Read())
{
string username;
DateTime dtLastActivity, dtLastUpdated;
bool isAnon;
username = reader.GetString(0);
isAnon = reader.GetBoolean(1);
dtLastActivity = DateTime.SpecifyKind(reader.GetDateTime(2), DateTimeKind.Utc);
dtLastUpdated = DateTime.SpecifyKind(reader.GetDateTime(3), DateTimeKind.Utc);
int size = reader.GetInt32(4);
profiles.Add(new ProfileInfo(username, isAnon, dtLastActivity, dtLastUpdated, size));
}
totalRecords = profiles.Count;
if (reader.NextResult())
{
if (reader.Read())
{
totalRecords = reader.GetInt32(0);
}
}
return(profiles);
} finally {
if (reader != null)
{
reader.Close();
}
if (holder != null)
{
holder.Close();
holder = null;
}
}
}
catch {
throw;
}
}
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
public override int DeleteProfiles(string[] usernames)
{
SecUtility.CheckArrayParameter(ref usernames,
true,
true,
true,
256,
"usernames");
int numProfilesDeleted = 0;
bool beginTranCalled = false;
try {
SqlConnectionHolder holder = null;
try
{
holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
CheckSchemaVersion(holder.Connection);
SqlCommand cmd;
int numUsersRemaing = usernames.Length;
while (numUsersRemaing > 0)
{
string allUsers = usernames[usernames.Length - numUsersRemaing];
numUsersRemaing--;
for (int iter = usernames.Length - numUsersRemaing; iter < usernames.Length; iter++)
{
if (allUsers.Length + usernames[iter].Length + 1 >= 4000)
{
break;
}
allUsers += "," + usernames[iter];
numUsersRemaing--;
}
// We don't need to start a transaction if we can finish this in one sql command
if (!beginTranCalled && numUsersRemaing > 0)
{
cmd = new SqlCommand("BEGIN TRANSACTION", holder.Connection);
cmd.ExecuteNonQuery();
beginTranCalled = true;
}
cmd = new SqlCommand("dbo.aspnet_Profile_DeleteProfiles", holder.Connection);
cmd.CommandTimeout = CommandTimeout;
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
cmd.Parameters.Add(CreateInputParam("@UserNames", SqlDbType.NVarChar, allUsers));
object o = cmd.ExecuteScalar();
if (o != null && o is int)
{
numProfilesDeleted += (int)o;
}
}
if (beginTranCalled)
{
cmd = new SqlCommand("COMMIT TRANSACTION", holder.Connection);
cmd.ExecuteNonQuery();
beginTranCalled = false;
}
} catch {
if (beginTranCalled)
{
SqlCommand cmd = new SqlCommand("ROLLBACK TRANSACTION", holder.Connection);
cmd.ExecuteNonQuery();
beginTranCalled = false;
}
throw;
} finally {
if (holder != null)
{
holder.Close();
holder = null;
}
}
} catch {
throw;
}
return(numProfilesDeleted);
}
////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////
private void GetPropertyValuesFromDatabase(string userName, SettingsPropertyValueCollection svc)
{
HttpContext context = HttpContext.Current;
if (context != null && HostingEnvironment.IsHosted && EtwTrace.IsTraceEnabled(EtwTraceLevel.Information, EtwTraceFlags.AppSvc))
{
EtwTrace.Trace(EtwTraceType.ETW_TYPE_PROFILE_BEGIN, HttpContext.Current.WorkerRequest);
}
string[] names = null;
string values = null;
byte[] buf = null;
string sName = null;
if (context != null)
{
sName = (context.Request.IsAuthenticated ? context.User.Identity.Name : context.Request.AnonymousID);
}
try {
SqlConnectionHolder holder = null;
SqlDataReader reader = null;
try
{
holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
CheckSchemaVersion(holder.Connection);
SqlCommand cmd = new SqlCommand("dbo.aspnet_Profile_GetProperties", holder.Connection);
cmd.CommandTimeout = CommandTimeout;
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
cmd.Parameters.Add(CreateInputParam("@UserName", SqlDbType.NVarChar, userName));
cmd.Parameters.Add(CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, DateTime.UtcNow));
reader = cmd.ExecuteReader(CommandBehavior.SingleRow);
if (reader.Read())
{
names = reader.GetString(0).Split(':');
values = reader.GetString(1);
int size = (int)reader.GetBytes(2, 0, null, 0, 0);
buf = new byte[size];
reader.GetBytes(2, 0, buf, 0, size);
}
} finally {
if (holder != null)
{
holder.Close();
holder = null;
}
if (reader != null)
{
reader.Close();
}
}
ProfileModule.ParseDataFromDB(names, values, buf, svc);
if (context != null && HostingEnvironment.IsHosted && EtwTrace.IsTraceEnabled(EtwTraceLevel.Information, EtwTraceFlags.AppSvc))
{
EtwTrace.Trace(EtwTraceType.ETW_TYPE_PROFILE_END, HttpContext.Current.WorkerRequest, userName);
}
} catch {
throw;
}
}
private void GetPropertyValuesFromDatabase(string userName, SettingsPropertyValueCollection svc)
{
if (HostingEnvironment.IsHosted && EtwTrace.IsTraceEnabled(4, 8))
{
EtwTrace.Trace(EtwTraceType.ETW_TYPE_PROFILE_BEGIN, HttpContext.Current.WorkerRequest);
}
HttpContext current = HttpContext.Current;
string[] names = null;
string values = null;
byte[] buffer = null;
if (current != null)
{
if (!current.Request.IsAuthenticated)
{
string anonymousID = current.Request.AnonymousID;
}
else
{
string name = current.User.Identity.Name;
}
}
try
{
SqlConnectionHolder connection = null;
SqlDataReader reader = null;
try
{
connection = SqlConnectionHelper.GetConnection(this._sqlConnectionString, true);
this.CheckSchemaVersion(connection.Connection);
SqlCommand command = new SqlCommand("dbo.aspnet_Profile_GetProperties", connection.Connection)
{
CommandTimeout = this.CommandTimeout,
CommandType = CommandType.StoredProcedure
};
command.Parameters.Add(this.CreateInputParam("@ApplicationName", SqlDbType.NVarChar, this.ApplicationName));
command.Parameters.Add(this.CreateInputParam("@UserName", SqlDbType.NVarChar, userName));
command.Parameters.Add(this.CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, DateTime.UtcNow));
reader = command.ExecuteReader(CommandBehavior.SingleRow);
if (reader.Read())
{
names = reader.GetString(0).Split(new char[] { ':' });
values = reader.GetString(1);
int length = (int)reader.GetBytes(2, 0L, null, 0, 0);
buffer = new byte[length];
reader.GetBytes(2, 0L, buffer, 0, length);
}
}
finally
{
if (connection != null)
{
connection.Close();
connection = null;
}
if (reader != null)
{
reader.Close();
}
}
ProfileModule.ParseDataFromDB(names, values, buffer, svc);
if (HostingEnvironment.IsHosted && EtwTrace.IsTraceEnabled(4, 8))
{
EtwTrace.Trace(EtwTraceType.ETW_TYPE_PROFILE_END, HttpContext.Current.WorkerRequest, userName);
}
}
catch
{
throw;
}
}
private int ResetUserState(ResetUserStateMode mode,
DateTime userInactiveSinceDate,
string[] paths,
string[] usernames)
{
SqlConnectionHolder connectionHolder = null;
SqlConnection connection = null;
int count = 0;
// Extra try-catch block to prevent elevation of privilege attack via exception filter
try {
bool beginTranCalled = false;
try {
connectionHolder = GetConnectionHolder();
connection = connectionHolder.Connection;
Debug.Assert(connection != null);
CheckSchemaVersion(connection);
SqlCommand command = new SqlCommand("dbo.aspnet_PersonalizationAdministration_ResetUserState", connection);
SetCommandTypeAndTimeout(command);
SqlParameterCollection parameters = command.Parameters;
SqlParameter parameter = parameters.Add(new SqlParameter("Count", SqlDbType.Int));
parameter.Direction = ParameterDirection.Output;
parameters.AddWithValue("ApplicationName", ApplicationName);
string firstPath = (paths != null && paths.Length > 0) ? paths[0] : null;
if (mode == ResetUserStateMode.PerInactiveDate)
{
if (userInactiveSinceDate != PersonalizationAdministration.DefaultInactiveSinceDate)
{
// Special note: DateTime object cannot be added to collection
// via AddWithValue for some reason.
parameter = parameters.Add("InactiveSinceDate", SqlDbType.DateTime);
parameter.Value = userInactiveSinceDate.ToUniversalTime();
}
if (firstPath != null)
{
parameters.AddWithValue("Path", firstPath);
}
command.ExecuteNonQuery();
SqlParameter countParam = command.Parameters[0];
if (countParam != null && countParam.Value != null && countParam.Value is Int32)
{
count = (Int32)countParam.Value;
}
}
else if (mode == ResetUserStateMode.PerPaths)
{
Debug.Assert(paths != null);
parameter = parameters.Add("Path", SqlDbType.NVarChar);
foreach (string path in paths)
{
if (!beginTranCalled && paths.Length > 1)
{
(new SqlCommand("BEGIN TRANSACTION", connection)).ExecuteNonQuery();
beginTranCalled = true;
}
parameter.Value = path;
command.ExecuteNonQuery();
SqlParameter countParam = command.Parameters[0];
if (countParam != null && countParam.Value != null && countParam.Value is Int32)
{
count += (Int32)countParam.Value;
}
}
}
else
{
Debug.Assert(mode == ResetUserStateMode.PerUsers);
if (firstPath != null)
{
parameters.AddWithValue("Path", firstPath);
}
parameter = parameters.Add("UserName", SqlDbType.NVarChar);
foreach (string user in usernames)
{
if (!beginTranCalled && usernames.Length > 1)
{
(new SqlCommand("BEGIN TRANSACTION", connection)).ExecuteNonQuery();
beginTranCalled = true;
}
parameter.Value = user;
command.ExecuteNonQuery();
SqlParameter countParam = command.Parameters[0];
if (countParam != null && countParam.Value != null && countParam.Value is Int32)
{
count += (Int32)countParam.Value;
}
}
}
if (beginTranCalled)
{
(new SqlCommand("COMMIT TRANSACTION", connection)).ExecuteNonQuery();
beginTranCalled = false;
}
}
catch {
if (beginTranCalled)
{
(new SqlCommand("ROLLBACK TRANSACTION", connection)).ExecuteNonQuery();
beginTranCalled = false;
}
throw;
}
finally {
if (connectionHolder != null)
{
connectionHolder.Close();
connectionHolder = null;
}
}
}
catch {
throw;
}
return(count);
}
private PersonalizationStateInfoCollection FindSharedState(string path, int pageIndex, int pageSize, out int totalRecords)
{
SqlConnectionHolder connectionHolder = null;
SqlConnection connection = null;
SqlDataReader reader = null;
PersonalizationStateInfoCollection infos2;
totalRecords = 0;
try
{
try
{
connectionHolder = this.GetConnectionHolder();
connection = connectionHolder.Connection;
this.CheckSchemaVersion(connection);
SqlCommand command = new SqlCommand("dbo.aspnet_PersonalizationAdministration_FindState", connection);
this.SetCommandTypeAndTimeout(command);
SqlParameterCollection parameters = command.Parameters;
parameters.Add(new SqlParameter("AllUsersScope", SqlDbType.Bit)).Value = true;
parameters.AddWithValue("ApplicationName", this.ApplicationName);
parameters.AddWithValue("PageIndex", pageIndex);
parameters.AddWithValue("PageSize", pageSize);
SqlParameter parameter2 = new SqlParameter("@ReturnValue", SqlDbType.Int)
{
Direction = ParameterDirection.ReturnValue
};
parameters.Add(parameter2);
SqlParameter parameter = parameters.Add("Path", SqlDbType.NVarChar);
if (path != null)
{
parameter.Value = path;
}
parameter = parameters.Add("UserName", SqlDbType.NVarChar);
parameter = parameters.Add("InactiveSinceDate", SqlDbType.DateTime);
reader = command.ExecuteReader(CommandBehavior.SequentialAccess);
PersonalizationStateInfoCollection infos = new PersonalizationStateInfoCollection();
if (reader != null)
{
if (reader.HasRows)
{
while (reader.Read())
{
string str = reader.GetString(0);
DateTime lastUpdatedDate = reader.IsDBNull(1) ? DateTime.MinValue : DateTime.SpecifyKind(reader.GetDateTime(1), DateTimeKind.Utc);
int size = reader.IsDBNull(2) ? 0 : reader.GetInt32(2);
int sizeOfPersonalizations = reader.IsDBNull(3) ? 0 : reader.GetInt32(3);
int countOfPersonalizations = reader.IsDBNull(4) ? 0 : reader.GetInt32(4);
infos.Add(new SharedPersonalizationStateInfo(str, lastUpdatedDate, size, sizeOfPersonalizations, countOfPersonalizations));
}
}
reader.Close();
reader = null;
}
if ((parameter2.Value != null) && (parameter2.Value is int))
{
totalRecords = (int)parameter2.Value;
}
infos2 = infos;
}
finally
{
if (reader != null)
{
reader.Close();
}
if (connectionHolder != null)
{
connectionHolder.Close();
connectionHolder = null;
}
}
}
catch
{
throw;
}
return(infos2);
}
public override bool IsUserInRole(string username, string roleName)
{
bool flag;
SecUtility.CheckParameter(ref roleName, true, true, true, 0x100, "roleName");
SecUtility.CheckParameter(ref username, true, false, true, 0x100, "username");
if (username.Length < 1)
{
return(false);
}
try
{
SqlConnectionHolder connection = null;
try
{
connection = SqlConnectionHelper.GetConnection(this._sqlConnectionString, true);
this.CheckSchemaVersion(connection.Connection);
SqlCommand cmd = new SqlCommand("dbo.aspnet_UsersInRoles_IsUserInRole", connection.Connection)
{
CommandType = CommandType.StoredProcedure,
CommandTimeout = this.CommandTimeout
};
SqlParameter parameter = new SqlParameter("@ReturnValue", SqlDbType.Int)
{
Direction = ParameterDirection.ReturnValue
};
cmd.Parameters.Add(parameter);
cmd.Parameters.Add(this.CreateInputParam("@ApplicationName", SqlDbType.NVarChar, this.ApplicationName));
cmd.Parameters.Add(this.CreateInputParam("@UserName", SqlDbType.NVarChar, username));
cmd.Parameters.Add(this.CreateInputParam("@RoleName", SqlDbType.NVarChar, roleName));
cmd.ExecuteNonQuery();
switch (this.GetReturnValue(cmd))
{
case 0:
return(false);
case 1:
return(true);
case 2:
return(false);
case 3:
return(false);
}
throw new ProviderException(System.Web.SR.GetString("Provider_unknown_failure"));
}
finally
{
if (connection != null)
{
connection.Close();
connection = null;
}
}
}
catch
{
throw;
}
return(flag);
}
private int ResetSharedState(string[] paths)
{
int num = 0;
if (paths == null)
{
return(this.ResetAllState(PersonalizationScope.Shared));
}
SqlConnectionHolder connectionHolder = null;
SqlConnection connection = null;
try
{
bool flag = false;
try
{
try
{
connectionHolder = this.GetConnectionHolder();
connection = connectionHolder.Connection;
this.CheckSchemaVersion(connection);
SqlCommand command = new SqlCommand("dbo.aspnet_PersonalizationAdministration_ResetSharedState", connection);
this.SetCommandTypeAndTimeout(command);
SqlParameterCollection parameters = command.Parameters;
parameters.Add(new SqlParameter("Count", SqlDbType.Int)).Direction = ParameterDirection.Output;
parameters.AddWithValue("ApplicationName", this.ApplicationName);
SqlParameter parameter = parameters.Add("Path", SqlDbType.NVarChar);
foreach (string str in paths)
{
if (!flag && (paths.Length > 1))
{
new SqlCommand("BEGIN TRANSACTION", connection).ExecuteNonQuery();
flag = true;
}
parameter.Value = str;
command.ExecuteNonQuery();
SqlParameter parameter2 = command.Parameters[0];
if (((parameter2 != null) && (parameter2.Value != null)) && (parameter2.Value is int))
{
num += (int)parameter2.Value;
}
}
if (flag)
{
new SqlCommand("COMMIT TRANSACTION", connection).ExecuteNonQuery();
flag = false;
}
}
catch
{
if (flag)
{
new SqlCommand("ROLLBACK TRANSACTION", connection).ExecuteNonQuery();
flag = false;
}
throw;
}
return(num);
}
finally
{
if (connectionHolder != null)
{
connectionHolder.Close();
connectionHolder = null;
}
}
}
catch
{
throw;
}
return(num);
}
private int ResetUserState(ResetUserStateMode mode, DateTime userInactiveSinceDate, string[] paths, string[] usernames)
{
SqlConnectionHolder connectionHolder = null;
SqlConnection connection = null;
int num = 0;
try
{
bool flag = false;
try
{
try
{
connectionHolder = this.GetConnectionHolder();
connection = connectionHolder.Connection;
this.CheckSchemaVersion(connection);
SqlCommand command = new SqlCommand("dbo.aspnet_PersonalizationAdministration_ResetUserState", connection);
this.SetCommandTypeAndTimeout(command);
SqlParameterCollection parameters = command.Parameters;
parameters.Add(new SqlParameter("Count", SqlDbType.Int)).Direction = ParameterDirection.Output;
parameters.AddWithValue("ApplicationName", this.ApplicationName);
string str = ((paths != null) && (paths.Length > 0)) ? paths[0] : null;
if (mode == ResetUserStateMode.PerInactiveDate)
{
if (userInactiveSinceDate != PersonalizationAdministration.DefaultInactiveSinceDate)
{
parameters.Add("InactiveSinceDate", SqlDbType.DateTime).Value = userInactiveSinceDate.ToUniversalTime();
}
if (str != null)
{
parameters.AddWithValue("Path", str);
}
command.ExecuteNonQuery();
SqlParameter parameter2 = command.Parameters[0];
if (((parameter2 != null) && (parameter2.Value != null)) && (parameter2.Value is int))
{
num = (int)parameter2.Value;
}
}
else
{
SqlParameter parameter;
if (mode == ResetUserStateMode.PerPaths)
{
parameter = parameters.Add("Path", SqlDbType.NVarChar);
foreach (string str2 in paths)
{
if (!flag && (paths.Length > 1))
{
new SqlCommand("BEGIN TRANSACTION", connection).ExecuteNonQuery();
flag = true;
}
parameter.Value = str2;
command.ExecuteNonQuery();
SqlParameter parameter3 = command.Parameters[0];
if (((parameter3 != null) && (parameter3.Value != null)) && (parameter3.Value is int))
{
num += (int)parameter3.Value;
}
}
}
else
{
if (str != null)
{
parameters.AddWithValue("Path", str);
}
parameter = parameters.Add("UserName", SqlDbType.NVarChar);
foreach (string str3 in usernames)
{
if (!flag && (usernames.Length > 1))
{
new SqlCommand("BEGIN TRANSACTION", connection).ExecuteNonQuery();
flag = true;
}
parameter.Value = str3;
command.ExecuteNonQuery();
SqlParameter parameter4 = command.Parameters[0];
if (((parameter4 != null) && (parameter4.Value != null)) && (parameter4.Value is int))
{
num += (int)parameter4.Value;
}
}
}
}
if (flag)
{
new SqlCommand("COMMIT TRANSACTION", connection).ExecuteNonQuery();
flag = false;
}
}
catch
{
if (flag)
{
new SqlCommand("ROLLBACK TRANSACTION", connection).ExecuteNonQuery();
flag = false;
}
throw;
}
return(num);
}
finally
{
if (connectionHolder != null)
{
connectionHolder.Close();
connectionHolder = null;
}
}
}
catch
{
throw;
}
return(num);
}
public override int DeleteProfiles(string[] usernames)
{
SecUtility.CheckArrayParameter(ref usernames, true, true, true, 0x100, "usernames");
int num = 0;
bool flag = false;
try
{
SqlConnectionHolder connection = null;
try
{
try
{
connection = SqlConnectionHelper.GetConnection(this._sqlConnectionString, true);
this.CheckSchemaVersion(connection.Connection);
int length = usernames.Length;
while (length > 0)
{
SqlCommand command;
string objValue = usernames[usernames.Length - length];
length--;
for (int i = usernames.Length - length; i < usernames.Length; i++)
{
if (((objValue.Length + usernames[i].Length) + 1) >= 0xfa0)
{
break;
}
objValue = objValue + "," + usernames[i];
length--;
}
if (!flag && (length > 0))
{
command = new SqlCommand("BEGIN TRANSACTION", connection.Connection);
command.ExecuteNonQuery();
flag = true;
}
command = new SqlCommand("dbo.aspnet_Profile_DeleteProfiles", connection.Connection)
{
CommandTimeout = this.CommandTimeout,
CommandType = CommandType.StoredProcedure
};
command.Parameters.Add(this.CreateInputParam("@ApplicationName", SqlDbType.NVarChar, this.ApplicationName));
command.Parameters.Add(this.CreateInputParam("@UserNames", SqlDbType.NVarChar, objValue));
object obj2 = command.ExecuteScalar();
if ((obj2 != null) && (obj2 is int))
{
num += (int)obj2;
}
}
if (flag)
{
new SqlCommand("COMMIT TRANSACTION", connection.Connection).ExecuteNonQuery();
flag = false;
}
}
catch
{
if (flag)
{
new SqlCommand("ROLLBACK TRANSACTION", connection.Connection).ExecuteNonQuery();
flag = false;
}
throw;
}
return(num);
}
finally
{
if (connection != null)
{
connection.Close();
connection = null;
}
}
}
catch
{
throw;
}
return(num);
}